[prev in list] [next in list] [prev in thread] [next in thread]
List: cups
Subject: [cups.general] Unable to use local certificate with CUPS
From: Andrey Repin <anrdaemon () freemail ! ru>
Date: 2012-07-28 18:45:49
Message-ID: 41647-cups.general () news ! easysw ! com
[Download RAW message or body]
Greetings, All.
I'm moving internal infrastructure towards smooth connectivity, and one of the
steps was to start using proper certificates to encrypt secure connections.
Apache and other services already going fine, but CUPS made me a problem.
When I point it to the new key/cert, it deny any attempts to connect to it
using SSL.
E [28/Jul/2012:22:06:26 +0400] encrypt_client: Unable to encrypt connection from 192.168.1.10!
E [28/Jul/2012:22:06:26 +0400] encrypt_client: Could not negotiate a supported cipher suite.
when I set links back to "snakeoil" certificate, everything start to behave.
FS rights on key and certificate are copied from "snakeoil" one, so I can't
think about it being file access problem.
Do I need any special OID's for certificate to work with CUPS, or anything
else I've missed?
--
Sincerely Yours, Andrey Repin <anrdaemon@freemail.ru>
["snake.txt" (text/plain)]
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
b8:e6:ee:2d:1c:b6:41:a1
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, \
OU=Office for Complication of Otherwise Simple Affairs, \
CN=daemon1.darkdragon.lan/emailAddress=root@daemon1.darkdragon.lan Validity
Not Before: Feb 28 05:02:35 2011 GMT
Not After : Mar 30 05:02:35 2011 GMT
Subject: C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, \
OU=Office for Complication of Otherwise Simple Affairs, \
CN=daemon1.darkdragon.lan/emailAddress=root@daemon1.darkdragon.lan Subject Public \
Key Info: Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:de:e9:a0:89:85:fa:ac:b5:0b:6b:ca:2d:1c:2b:
78:70:b2:0d:04:14:cc:cb:de:ed:00:2a:4b:a3:96:
86:cd:8a:54:71:b5:b5:f8:7e:49:7a:4d:c0:17:8e:
04:d8:67:6d:8c:08:93:51:dd:7f:cd:13:df:ed:8d:
56:54:50:32:2d:e8:38:d8:0e:f9:c4:b5:a4:9c:d7:
42:b1:4b:f0:3c:77:d2:39:a8:e8:28:4e:fe:8b:f6:
0b:f1:1e:42:c7:95:e3:3a:6a:e3:a6:46:5e:5a:71:
2c:d0:b2:ae:f6:b3:f7:fd:e5:e1:c0:be:2a:78:b0:
4b:fd:6e:17:15:7b:a8:89:09
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
c0:fa:ac:d5:13:b9:40:28:90:cb:5c:c1:a5:6f:f0:f9:3f:f0:
ac:64:8b:39:99:42:25:5f:54:9d:0a:d6:5f:4b:3f:bb:d3:fa:
c1:d7:be:ac:ca:03:34:f0:3b:30:8c:5e:de:fa:88:3e:0d:0b:
39:e3:f1:78:e3:73:7d:5e:d8:47:ee:4b:be:c3:0b:c6:a3:ad:
8b:45:b1:29:cd:f0:9a:38:41:e4:ec:d0:c9:49:cf:c4:c3:31:
49:22:50:2f:24:bb:53:7b:6e:fe:0d:66:12:3e:ff:87:a7:cb:
18:4c:8c:97:57:55:06:97:5c:de:95:bd:bb:a5:90:50:bd:97:
da:9f
["mine.txt" (text/plain)]
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=RU, L=Moscow, CN=Andrey Repin/emailAddress=anrdaemon@rootdir.org
Validity
Not Before: Jul 4 11:57:52 2012 GMT
Not After : Jul 5 11:57:52 2013 GMT
Subject: C=RU, L=Moscow, CN=daemon1.darkdragon.lan
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bc:24:e4:51:1c:84:e6:c4:10:b7:82:53:f1:1a:
38:c2:e8:88:4e:90:cc:bd:e9:b1:10:e3:e4:d1:4f:
84:d8:bd:6c:c6:d0:33:a0:90:16:7f:b4:af:70:88:
6f:82:c5:85:36:5a:7f:6b:92:74:7b:af:ac:a9:83:
32:43:ff:64:1d:0d:13:32:a2:51:0d:dd:56:da:a1:
81:11:d9:21:b7:28:d2:91:46:fd:83:22:61:2a:d4:
92:d9:24:92:10:23:25:68:77:b1:dd:09:9b:ec:f0:
df:4b:b0:a7:2c:bc:34:70:a8:54:1c:76:5d:30:01:
81:63:34:41:e8:d7:2f:72:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, E-mail Protection
X509v3 Subject Key Identifier:
83:C3:35:DA:DF:FC:FF:BC:3A:9A:E9:0B:4E:7C:E7:51:44:DC:92:FB
X509v3 Authority Key Identifier:
keyid:4D:1E:89:9B:E7:9B:AA:75:2E:99:C9:AE:0C:B8:87:C0:D1:A4:05:63
DirName:/C=RU/L=Moscow/CN=Andrey \
Repin/emailAddress=anrdaemon@rootdir.org serial:B5:1C:66:2B:1B:0A:E5:1E
X509v3 Issuer Alternative Name:
email:anrdaemon@rootdir.org
Authority Information Access:
CA Issuers - URI:https://ca.rootdir.org/
X509v3 CRL Distribution Points:
URI:https://ca.rootdir.org/ca.crl
X509v3 Subject Alternative Name:
email:anrdaemon@rootdir.org, DNS:daemon1.darkdragon.lan, DNS:daemon1, \
DNS:daemon.darkdragon.lan, DNS:ca.rootdir.org, DNS:darkdragon.darkdragon.lan, \
DNS:darkdragon.dynalias.org, DNS:svn.darkdragon.lan, DNS:svn.rootdir.org, \
DNS:test.darkdragon.lan, DNS:test.rootdir.org Signature Algorithm: \
sha1WithRSAEncryption 6e:bb:19:80:7f:7b:da:5a:a7:21:e4:45:5d:6e:be:0d:50:94:
d4:5a:0b:2c:ea:45:8a:62:31:b9:2a:56:97:d6:5e:23:cd:c8:
0f:8c:95:be:77:e3:df:bc:dd:db:33:99:93:c8:09:76:cc:71:
dd:95:53:10:2b:ba:95:4d:c7:4c:1e:de:ec:41:17:96:74:27:
f5:06:c6:28:9d:e9:fe:06:b4:2c:27:36:9c:11:4d:45:1d:10:
1d:6a:ef:1d:2a:9c:26:3d:83:d9:23:08:b8:dd:0f:a0:5a:3f:
b3:db:6a:91:69:78:bc:37:b9:8f:73:e7:8c:0e:56:a4:8b:50:
d8:54:a2:9a:8a:1c:fe:55:60:83:74:25:8d:bc:8e:94:76:cb:
a3:e2:5a:83:5d:3a:65:78:5b:3e:91:01:a1:05:9b:d5:c5:c1:
91:28:9e:da:08:aa:7b:2c:7d:71:71:2d:36:d6:36:5c:28:e7:
be:22:a9:03:70:be:fd:65:a1:40:ec:cc:5d:d1:25:33:7a:0a:
53:88:b4:1e:cc:d1:76:b3:cf:19:b9:bd:7b:82:b4:33:6d:a8:
b0:6f:2f:3d:1b:43:a1:3b:0e:e3:f3:36:ea:5b:b2:43:a9:ab:
7a:95:23:a8:6a:0a:9c:66:7e:5f:1a:12:b6:15:e9:03:0a:c1:
64:1e:92:37:1e:80:d6:70:d6:02:4b:99:cc:ce:9f:ae:55:dd:
89:2c:61:df:55:d9:e4:6e:48:75:7a:e8:e4:71:d6:cb:ce:56:
12:93:8a:41:8b:61:e9:76:a6:43:f9:cf:e5:30:03:69:20:5e:
4b:dc:8a:07:37:34:37:5d:a5:16:42:af:a1:5a:f8:be:16:1f:
66:66:b2:8f:11:d9:7b:f1:50:13:83:35:22:b6:ca:32:96:0b:
31:15:0b:7e:09:43:9d:44:c5:18:e6:0a:e0:84:97:5c:1b:fd:
a8:9c:d4:e6:8c:9f:35:46:5c:a5:2b:e6:cf:e9:2e:80:32:1d:
98:60:96:28:3f:27:0e:50:25:c4:60:fd:9c:22:93:de:9d:83:
ff:48:01:5e:c4:d2:9b:5e:9b:20:a7:55:1e:a9:37:a1:d4:74:
d6:f2:9d:14:93:f4:42:15:da:b5:73:d0:9a:90:c3:df:2d:9b:
6a:b5:50:bd:a9:c2:7a:f0:89:dd:4d:66:68:21:0a:35:1b:61:
14:55:96:7d:dc:12:e3:bd:57:50:a6:e7:ec:4a:43:83:28:bc:
5d:7a:c8:30:c5:b9:94:d7:51:51:d1:5a:fe:c4:f6:3b:69:2c:
66:29:55:49:75:d1:da:67:a3:91:15:e7:42:c1:45:19:06:ee:
13:f3:d6:be:9e:ba:b6:a1
_______________________________________________
cups mailing list
cups@easysw.com
http://lists.easysw.com/mailman/listinfo/cups
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic